diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index de73357907..100a236872 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -15,9 +15,9 @@ var FileList={
extension=false;
}
html+='
';
- html+=''+basename;
+ html+=''+escapeHTML(basename);
if(extension){
- html+=''+extension+'';
+ html+=''+escapeHTML(extension)+'';
}
html+=' | ';
if(size!='Pending'){
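Review bot: `escapeHTML` is applied to `basename` and `extension` only where they are concatenated as text, and the markup around them is not readable in this view, so it is unclear whether the file name is also concatenated into an attribute value in the part of this function outside the hunk. If it is, the helper must also encode quote characters for that context, which is worth confirming against its definition. A short comment above the first escaped line would record the intent, e.g. `// file names are user-controlled: escape before concatenating into html`. Building the row with jQuery `.text()` and `.attr()` instead of string concatenation would remove the dependency on every concatenation being escaped.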
@@ -189,9 +189,9 @@ var FileList={
checkName:function(oldName, newName, isNewFile) {
if (isNewFile || $('tr').filterAttr('data-file', newName).length > 0) {
if (isNewFile) {
- $('#notification').html(newName+' '+t('files', 'already exists')+''+t('files', 'replace')+''+t('files', 'suggest name')+''+t('files', 'cancel')+'');
+ $('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+''+t('files', 'replace')+''+t('files', 'suggest name')+''+t('files', 'cancel')+'');
} else {
- $('#notification').html(newName+' '+t('files', 'already exists')+''+t('files', 'replace')+''+t('files', 'cancel')+'');
+ $('#notification').html(escapeHTML(newName)+' '+t('files', 'already exists')+''+t('files', 'replace')+''+t('files', 'cancel')+'');
}
$('#notification').data('oldName', oldName);
$('#notification').data('newName', newName);
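Review bot: `oldName` and `newName` are still stored unescaped with `.data()` on the lines right after the change, so any handler that reads them back and writes them into markup has to escape them again. A comment such as `// stored raw for the later file operation; escape before rendering` would make that explicit. The call `escapeHTML(newName)` is also repeated in both branches and could be hoisted to `var safeName = escapeHTML(newName);` above the inner `if`. `checkName` continues past the end of this hunk.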
@@ -272,9 +272,9 @@ var FileList={
} else {
// NOTE: Temporary fix to change the text to unshared for files in root of Shared folder
if ($('#dir').val() == '/Shared') {
- $('#notification').html(t('files', 'unshared')+' '+files+''+t('files', 'undo')+'');
+ $('#notification').html(t('files', 'unshared')+' '+ escapeHTML(files) +''+t('files', 'undo')+'');
} else {
- $('#notification').html(t('files', 'deleted')+' '+files+''+t('files', 'undo')+'');
+ $('#notification').html(t('files', 'deleted')+' '+ escapeHTML(files)+''+t('files', 'undo')+'');
}
$('#notification').fadeIn();
}
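Review bot: The type of `files` is not visible in this hunk; if it can be an array of names rather than a single string, `escapeHTML(files)` depends on the helper coercing its argument to a string, which should be checked against the helper's definition and the callers. Escaping each name before joining would state the intent more directly in that case. The two changed lines also space the call differently (`escapeHTML(files) +''` and `escapeHTML(files)+''`); one form should be used for both. The enclosing function starts outside the hunk.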